Download as PDF, PPTX
Uploaded byChia-Hao Tsai
Passwd crack introduction
This document discusses password cracking methods, including storing passwords, hashing versus encryption, common hashing algorithms, and rainbow table attacks. It introduces password cracking and describes storing passwords in plaintext or hashed/encrypted formats. It also explains how rainbow table attacks work by pre-computing hash values into a lookup table to crack password hashes more efficiently than brute force methods.
![[2019.05] HST - RegEx 101 ~ 1001](https://cdn.slidesharecdn.com/ss_thumbnails/2019-190511134247-thumbnail.jpg?width=640&height=640&fit=bounds)
![[2019.02.16] hst - orm](https://cdn.slidesharecdn.com/ss_thumbnails/2019-190216160351-thumbnail.jpg?width=640&height=640&fit=bounds)
![[2019.01.12] hst iptables 101 to 301](https://cdn.slidesharecdn.com/ss_thumbnails/2019-190115125254-thumbnail.jpg?width=640&height=640&fit=bounds)
![[2018.12.15] hst python object 102](https://cdn.slidesharecdn.com/ss_thumbnails/2018-181226015614-thumbnail.jpg?width=640&height=640&fit=bounds)
![[2018.11.16] Python Object 101](https://cdn.slidesharecdn.com/ss_thumbnails/2018-181119022658-thumbnail.jpg?width=640&height=640&fit=bounds)
![[2017.03.18] hst binary training part 1](https://cdn.slidesharecdn.com/ss_thumbnails/2017-170324055826-thumbnail.jpg?width=640&height=640&fit=bounds)
Passwd crack introduction
- 1.
- 2. Abstract ● Introduce passwordcrack ○ Password introduce ○ Crack method ○ No news, no tech
- 3. Store Password ● Plaintext ○Store the raw password in ■ Plain text ■ Data base or encoding ● Cipher ○ Hash ○ Encrypt
- 4. Hash vs Encrypt ●One-way function ● Conflict is possible ● Faster ● Based on algo. ● Revertable ● May not conflict ● Slower ● Based on algo. and key
- 5. Hash Algorithm ● Processvariable data as fixed length data ○ Trivial simple: ■ fn(x) = hex(x) % 16 ○ Complexity ■ Split into several fixed chunk ■ Shuffle the chunk ■ Repeat run encryption algorithm
- 6. Hash Algo. Abstract ●Raw data: 0123456789ABCDEF0 ○ Split into fixed size chunk ■ padding if need ■ 0123 4567 89AB CDEF 0333 ○ Shuffle per each chunk and run hash algo. ■ 3210 7654 BA98 FEDC 3330 ■ 3560 7D26 B708 FD91 3690 ■ 9DAF
- 7. Good or Bad ●Perfect hash algo ○ A hash function that is injective ● A good hash algo. ○ uniform ○ avalanche effect
- 8. Crack ● Trivial way ○Brute Force - Enumerate all possible ● Humanable ○ Dictionary attack - Enumerate TOP used possible ● Technique ○ Rainbow attach ○ Design deflaw
- 9. Rainbow Attack ● Trivialway ○ Try to crack hash value h ○ Possible answer X => h’ = f(x) ○ Compare h and h’ => not match => Repeat ● Table ○ Pre-compute the h1, h2 ... as rainbow table ○ compare between h and rainbow table
- 10. Why call Rainbow ●Rainbow function: r(x) ○ V1 => h1 = f(V1) => V2 = r(h1) => h2 = f(V2) … ○ Table store V1 and h2 ○ Hashed value h ■ compute h’ = f(r(h)) ■ Try to find match for h and h’ in table ○ if h match => raw data is V2 ○ if h’ match => raw data is V1
- 11. Benefit ● Reduce thenecessary table size ○ Only store front and end ● Reduce the compute time ○ Only compute hash “one time” per hash value ● Bound on rainbow table and rainbow function
- 12. Ref ● http://en.wikipedia. org/wiki/Rainbow_table ● https://www.thc.org/thc-hydra/ ●http://www.openwall.com/john/ ● https://crackstation.net/
- 13.